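/**
 * Called when the data from the initial recover form has been completely
 * provided and the captcha was correct. Sends the recover email, provided
 * the account has recovery questions set; otherwise sets up an error message.
 *
 * Security notes (what this code does, as visible here):
 *  - Both failure paths (unknown user, user without recovery questions) emit
 *    the same register_controller_account_recover_fail message, so the
 *    response text does not disclose whether an account exists. Only the
 *    unknown-user path additionally records a visitor "captcha_time_out".
 *  - The emailed link carries the user name, the issue timestamp and
 *    crawlCrypt(HASH . time . USER_NAME . AUTH_KEY). The recoverComplete
 *    action (not in this listing) is expected to recompute that value and
 *    compare it in constant time, and to reject stale $time values.
 *  - The user name is URL-encoded in the link (the hash already was); an
 *    unencoded name containing '&' or '#' would truncate or corrupt the
 *    parameters that recoverComplete has to verify.
 *
 * @return array $data will contain a SCRIPT field with the
 *     Javascript doMessage call saying whether email sent or if there
 *     was a problem
 */
function processRecoverData()
{
    $data = array();
    $this->getCleanFields($data);
    $data['SCRIPT'] = "";
    $user_model = $this->model("user");
    $data["REFRESH"] = "signin";
    $user = $user_model->getUser($data['USER']);
    if (!$user) {
        // Same user-visible message as the "no recovery questions" case below
        $data['SCRIPT'] .= "doMessage('<h1 class=\"red\" >" .
            tl('register_controller_account_recover_fail') . "</h1>');";
        $this->model("visitor")->updateVisitor($_SERVER['REMOTE_ADDR'],
            "captcha_time_out");
        return $data;
    }
    $session = $user_model->getUserSession($user["USER_ID"]);
    if (!isset($session['RECOVERY']) || !isset($session['RECOVERY_ANSWERS'])) {
        $data['SCRIPT'] .= "doMessage('<h1 class=\"red\" >" .
            tl('register_controller_account_recover_fail') . "</h1>');";
        return $data;
    }
    $data['SCRIPT'] .= "doMessage('<h1 class=\"red\" >" .
        tl('register_controller_account_recover_email') . "</h1>');";
    $server = new MailServer(MAIL_SENDER, MAIL_SERVER, MAIL_SERVERPORT,
        MAIL_USERNAME, MAIL_PASSWORD, MAIL_SECURITY);
    $subject = tl('register_controller_recover_request');
    $message = tl('register_controller_admin_email_salutation',
        $user['FIRST_NAME'], $user['LAST_NAME']) . "\n";
    $message .= tl('register_controller_recover_body') . "\n";
    // $time is both a link parameter and an input to the hash, so the
    // receiving side can bind the hash to this issue time and expire it.
    $time = time();
    $message .= BASE_URL . "?c=register&a=recoverComplete&user=" .
        urlencode($user['USER_NAME']) . "&time=" . $time . "&hash=" .
        urlencode(crawlCrypt($user['HASH'] . $time . $user['USER_NAME'] .
        AUTH_KEY));
    $server->send($subject, MAIL_SENDER, $user['EMAIL'], $message);
    // Clear the challenge state so the same captcha/recovery answers cannot
    // be replayed to request a second link from this browser session.
    unset($_SESSION['CAPTCHA_ANSWERS']);
    unset($_SESSION['CAPTCHA']);
    unset($_SESSION['RECOVERY_ANSWERS']);
    unset($_SESSION['RECOVERY']);
    return $data;
}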
<?php
/**
 * Handler for the webservice requests.
 *
 * Thin front controller: the raw POST body is handed to MailServer, which
 * performs the send and produces the response text that is echoed back.
 *
 * NOTE(review): no authentication, origin or rate-limit check is visible in
 * this script; whatever keeps this endpoint from acting as an open mail relay
 * must live inside mailserver.php — confirm before exposing it. This
 * MailServer takes a single request array, unlike the six-argument
 * MailServer used elsewhere in the corpus; presumably a different class.
 */
require_once 'mailserver.php';

$mailer = new MailServer($_POST);
$mailer->send();
echo $mailer->getResponse();
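/**
 * Used to support requests related to posting, editing, modifying,
 * and deleting group feed items.
 *
 * Authorization model as implemented here: for each write action the group
 * named in the request is loaded with getGroupById($group_id, $user_id, true)
 * and the caller must be the group owner, ROOT_ID, or hold a sufficient
 * MEMBER_ACCESS level. Post-level checks (a post belongs to the group whose
 * access was verified) are done for upvote, downvote and — as of this
 * revision — addcomment; deletepost and updatepost delegate to the model.
 *
 * Review fixes in this revision:
 *  - addcomment now verifies that the parent post belongs to $group_id, the
 *    same check upvote/downvote already performed. Without it a member of one
 *    group could reply to (and email the followers of) a thread in a group
 *    they cannot read, by passing that thread's id with their own group_id.
 *  - Every error redirect inside the switch is followed by `break;`, the
 *    pattern deletepost/updatepost already used. redirectWithMessage() is
 *    used as if it terminates the request (not shown here); the breaks make
 *    the access checks hold even if it does not.
 *  - in_array() lookups on request strings use strict comparison.
 *
 * NOTE(review): updatepost checks group MEMBER_ACCESS but not that the caller
 * authored the post; if getGroupItems($user_id) does not restrict that, any
 * member with write access can edit anyone's post — confirm in the model.
 * NOTE(review): checkCSRFTime() here is the edit-concurrency check; the
 * request-level CSRF token is presumably validated by the controller before
 * dispatch — confirm.
 *
 * @return array $data fields to be used by GroupfeedElement
 */
function groupFeeds()
{
    $parent = $this->parent;
    $controller_name = get_class($parent) == "AdminController" ?
        "admin" : "group";
    $data["CONTROLLER"] = $controller_name;
    $other_controller_name = get_class($parent) == "AdminController" ?
        "group" : "admin";
    $group_model = $parent->model("group");
    $user_model = $parent->model("user");
    $cron_model = $parent->model("cron");
    // Opportunistic housekeeping: cull expired items at most once an hour.
    $cron_time = $cron_model->getCronTime("cull_old_items");
    $delta = time() - $cron_time;
    if ($delta > ONE_HOUR) {
        $cron_model->updateCronTime("cull_old_items");
        $group_model->cullExpiredGroupItems();
    } else {
        if ($delta == 0) {
            $cron_model->updateCronTime("cull_old_items");
        }
    }
    $data["ELEMENT"] = "groupfeed";
    $data['SCRIPT'] = "";
    $data["INCLUDE_STYLES"] = array("editor");
    if (isset($_SESSION['USER_ID'])) {
        $user_id = $_SESSION['USER_ID'];
    } else {
        $user_id = PUBLIC_GROUP_ID;
    }
    $username = $user_model->getUsername($user_id);
    if (isset($_REQUEST['num'])) {
        $results_per_page = $parent->clean($_REQUEST['num'], "int");
    } else {
        if (isset($_SESSION['MAX_PAGES_TO_SHOW'])) {
            $results_per_page = $_SESSION['MAX_PAGES_TO_SHOW'];
        } else {
            $results_per_page = NUM_RESULTS_PER_PAGE;
        }
    }
    if (isset($_REQUEST['limit'])) {
        $limit = $parent->clean($_REQUEST['limit'], "int");
    } else {
        $limit = 0;
    }
    if (isset($_SESSION['OPEN_IN_TABS'])) {
        $data['OPEN_IN_TABS'] = $_SESSION['OPEN_IN_TABS'];
    } else {
        $data['OPEN_IN_TABS'] = false;
    }
    // Request fields pulled into same-named locals ($title, $description,
    // $just_group_id, $just_thread, $just_user_id) after type cleaning;
    // string fields are additionally length-capped.
    $clean_array = array("title" => "string", "description" => "string",
        "just_group_id" => "int", "just_thread" => "int",
        "just_user_id" => "int");
    $strings_array = array("title" => TITLE_LEN,
        "description" => MAX_GROUP_POST_LEN);
    if ($user_id == PUBLIC_GROUP_ID) {
        $_SESSION['LAST_ACTIVITY']['a'] = 'groupFeeds';
    } else {
        unset($_SESSION['LAST_ACTIVITY']);
    }
    foreach ($clean_array as $field => $type) {
        ${$field} = $type == "string" ? "" : 0;
        if (isset($_REQUEST[$field])) {
            $tmp = $parent->clean($_REQUEST[$field], $type);
            if (isset($strings_array[$field])) {
                $tmp = substr($tmp, 0, $strings_array[$field]);
            }
            if ($user_id == PUBLIC_GROUP_ID) {
                $_SESSION['LAST_ACTIVITY'][$field] = $tmp;
            }
            ${$field} = $tmp;
        }
    }
    $possible_arguments = array("addcomment", "deletepost", "addgroup",
        "newthread", "updatepost", "status", "upvote", "downvote");
    if (isset($_REQUEST['arg']) &&
        in_array($_REQUEST['arg'], $possible_arguments, true)) {
        switch ($_REQUEST['arg']) {
            case "addcomment":
                if (!isset($_REQUEST['parent_id']) || !$_REQUEST['parent_id'] ||
                    !isset($_REQUEST['group_id']) || !$_REQUEST['group_id']) {
                    $parent->redirectWithMessage(
                        tl('social_component_comment_error'));
                    break;
                }
                if (!$description) {
                    $parent->redirectWithMessage(
                        tl('social_component_no_comment'));
                    break;
                }
                $parent_id = $parent->clean($_REQUEST['parent_id'], "int");
                $group_id = $parent->clean($_REQUEST['group_id'], "int");
                $group = $group_model->getGroupById($group_id, $user_id, true);
                $read_comment = array(GROUP_READ_COMMENT, GROUP_READ_WRITE,
                    GROUP_READ_WIKI);
                if (!$group || $group["OWNER_ID"] != $user_id &&
                    !in_array($group["MEMBER_ACCESS"], $read_comment) &&
                    $user_id != ROOT_ID) {
                    $parent->redirectWithMessage(
                        tl('social_component_no_post_access'));
                    break;
                }
                if ($parent_id >= 0) {
                    $parent_item = $group_model->getGroupItem($parent_id);
                    // The parent post must live in the group whose access we
                    // just checked (same rule as upvote/downvote); otherwise
                    // $group_id grants access to a thread in another group.
                    if (!$parent_item || $parent_item['GROUP_ID'] != $group_id) {
                        $parent->redirectWithMessage(
                            tl('social_component_no_post_access'));
                        break;
                    }
                } else {
                    // Negative parent ids denote the synthetic "joined group"
                    // item, whose thread id is -group_id.
                    $parent_item = array('TITLE' =>
                        tl('social_component_join_group', $username,
                        $group['GROUP_NAME']), 'DESCRIPTION' =>
                        tl('social_component_join_group_detail',
                        date("r", $group['JOIN_DATE']), $group['GROUP_NAME']),
                        'ID' => -$group_id, 'PARENT_ID' => -$group_id,
                        'GROUP_ID' => $group_id);
                }
                $title = "-- " . $parent_item['TITLE'];
                $group_model->addGroupItem($parent_item["ID"], $group_id,
                    $user_id, $title, $description);
                // Notify thread followers; the link is only included for
                // groups a recipient could actually browse to.
                $followers = $group_model->getThreadFollowers(
                    $parent_item["ID"], $group['OWNER_ID'], $user_id);
                $server = new MailServer(MAIL_SENDER, MAIL_SERVER,
                    MAIL_SERVERPORT, MAIL_USERNAME, MAIL_PASSWORD,
                    MAIL_SECURITY);
                $post_url = "";
                if (in_array($group['REGISTER_TYPE'],
                    array(PUBLIC_BROWSE_REQUEST_JOIN, PUBLIC_JOIN))) {
                    $post_url = BASE_URL . "?c=group&a=groupFeeds&" .
                        "just_thread=" . $parent_item["ID"] . "\n";
                }
                $subject = tl('social_component_thread_notification',
                    $parent_item['TITLE']);
                $body = tl('social_component_notify_body') . "\n" .
                    $parent_item['TITLE'] . "\n" . $post_url .
                    tl('social_component_notify_closing') . "\n" .
                    tl('social_component_notify_signature');
                foreach ($followers as $follower) {
                    $message = tl('social_component_notify_salutation',
                        $follower['USER_NAME']) . "\n\n";
                    $message .= $body;
                    $server->send($subject, MAIL_SENDER, $follower['EMAIL'],
                        $message);
                }
                $parent->redirectWithMessage(
                    tl('social_component_comment_added'));
                break;
            case "addgroup":
                $register = $group_model->getRegisterType($just_group_id);
                if ($just_group_id > 0 && $register && $register != NO_JOIN) {
                    $this->addGroup($data, $just_group_id, $register);
                    unset($data['SUBSCRIBE_LINK']);
                } else {
                    $parent->redirectWithMessage(
                        tl('social_component_groupname_cant_add'));
                }
                break;
            case "deletepost":
                if (!isset($_REQUEST['post_id'])) {
                    $parent->redirectWithMessage(
                        tl('social_component_delete_error'));
                    break;
                }
                $post_id = $parent->clean($_REQUEST['post_id'], "int");
                // Ownership/permission for deletion is decided by the model.
                $success = $group_model->deleteGroupItem($post_id, $user_id);
                $search_array = array(array("parent_id", "=", $just_thread,
                    ""));
                $item_count = $group_model->getGroupItemCount($search_array,
                    $user_id, -1);
                if ($success) {
                    if ($item_count == 0) {
                        unset($_REQUEST['just_thread']);
                    }
                    $parent->redirectWithMessage(
                        tl('social_component_item_deleted'));
                } else {
                    $parent->redirectWithMessage(
                        tl('social_component_no_item_deleted'));
                }
                break;
            case "downvote":
                if (!isset($_REQUEST['group_id']) || !$_REQUEST['group_id'] ||
                    !isset($_REQUEST['post_id']) || !$_REQUEST['post_id']) {
                    $parent->redirectWithMessage(
                        tl('social_component_vote_error'));
                    break;
                }
                $post_id = $parent->clean($_REQUEST['post_id'], "int");
                $group_id = $parent->clean($_REQUEST['group_id'], "int");
                $group = $group_model->getGroupById($group_id, $user_id, true);
                if (!$group || !in_array($group["VOTE_ACCESS"],
                    array(UP_DOWN_VOTING_GROUP))) {
                    $parent->redirectWithMessage(
                        tl('social_component_no_vote_access'));
                    break;
                }
                $post_item = $group_model->getGroupItem($post_id);
                if (!$post_item || $post_item['GROUP_ID'] != $group_id) {
                    $parent->redirectWithMessage(
                        tl('social_component_no_post_access'));
                    break;
                }
                if ($group_model->alreadyVoted($user_id, $post_id)) {
                    $parent->redirectWithMessage(
                        tl('social_component_already_voted'));
                    break;
                }
                $group_model->voteDown($user_id, $post_id);
                $parent->redirectWithMessage(
                    tl('social_component_vote_recorded'));
                break;
            case "newthread":
                if (!isset($_REQUEST['group_id']) || !$_REQUEST['group_id']) {
                    $parent->redirectWithMessage(
                        tl('social_component_comment_error'));
                    break;
                }
                $group_id = $parent->clean($_REQUEST['group_id'], "int");
                if (!$description || !$title) {
                    $parent->redirectWithMessage(
                        tl('social_component_need_title_description'));
                    break;
                }
                $group = $group_model->getGroupById($group_id, $user_id, true);
                $new_thread = array(GROUP_READ_WRITE, GROUP_READ_WIKI);
                if (!$group || $group["OWNER_ID"] != $user_id &&
                    !in_array($group["MEMBER_ACCESS"], $new_thread) &&
                    $user_id != ROOT_ID) {
                    $parent->redirectWithMessage(
                        tl('social_component_no_post_access'));
                    break;
                }
                $thread_id = $group_model->addGroupItem(0, $group_id, $user_id,
                    $title, $description);
                // Owners are not emailed about threads they start themselves.
                if ($user_id != $group['OWNER_ID']) {
                    $server = new MailServer(MAIL_SENDER, MAIL_SERVER,
                        MAIL_SERVERPORT, MAIL_USERNAME, MAIL_PASSWORD,
                        MAIL_SECURITY);
                    $subject = tl('social_component_new_thread_mail',
                        $group['GROUP_NAME']);
                    $post_url = BASE_URL . "?c=group&a=groupFeeds&" .
                        "just_thread=" . $thread_id . "\n";
                    $owner_name = $user_model->getUsername($group['OWNER_ID']);
                    $owner = $user_model->getUser($owner_name);
                    $body = tl('social_component_new_thread_body',
                        $group['GROUP_NAME']) . "\n" . "\"" . $title . "\"\n" .
                        $post_url . tl('social_component_notify_closing') .
                        "\n" . tl('social_component_notify_signature');
                    $message = tl('social_component_notify_salutation',
                        $owner_name) . "\n\n";
                    $message .= $body;
                    $server->send($subject, MAIL_SENDER, $owner['EMAIL'],
                        $message);
                }
                $parent->redirectWithMessage(
                    tl('social_component_thread_created'));
                break;
            case "status":
                $data['REFRESH'] = "feedstatus";
                break;
            case "updatepost":
                if (!isset($_REQUEST['post_id'])) {
                    $parent->redirectWithMessage(
                        tl('social_component_comment_error'));
                    break;
                }
                if (!$description || !$title) {
                    $parent->redirectWithMessage(
                        tl('social_component_need_title_description'));
                    break;
                }
                $post_id = $parent->clean($_REQUEST['post_id'], "int");
                // Edit-concurrency check keyed on this post; not the request
                // CSRF token validation itself.
                $action = "updatepost" . $post_id;
                if (!$parent->checkCSRFTime(CSRF_TOKEN, $action)) {
                    $parent->redirectWithMessage(
                        tl('social_component_post_edited_elsewhere'));
                    break;
                }
                $items = $group_model->getGroupItems(0, 1,
                    array(array("post_id", "=", $post_id, "")), $user_id);
                if (isset($items[0])) {
                    $item = $items[0];
                } else {
                    $parent->redirectWithMessage(
                        tl('social_component_no_update_access'));
                    break;
                }
                $group_id = $item['GROUP_ID'];
                $group = $group_model->getGroupById($group_id, $user_id, true);
                $update_thread = array(GROUP_READ_WRITE, GROUP_READ_WIKI);
                // Comments (non-root posts) may be edited with comment access.
                if ($post_id != $item['PARENT_ID'] && $post_id > 0) {
                    $update_thread[] = GROUP_READ_COMMENT;
                }
                if (!$group || $group["OWNER_ID"] != $user_id &&
                    !in_array($group["MEMBER_ACCESS"], $update_thread) &&
                    $user_id != ROOT_ID) {
                    $parent->redirectWithMessage(
                        tl('social_component_no_update_access'));
                    break;
                }
                $group_model->updateGroupItem($post_id, $title, $description);
                $parent->redirectWithMessage(
                    tl('social_component_post_updated'));
                break;
            case "upvote":
                if (!isset($_REQUEST['group_id']) || !$_REQUEST['group_id'] ||
                    !isset($_REQUEST['post_id']) || !$_REQUEST['post_id']) {
                    $parent->redirectWithMessage(
                        tl('social_component_vote_error'));
                    break;
                }
                $post_id = $parent->clean($_REQUEST['post_id'], "int");
                $group_id = $parent->clean($_REQUEST['group_id'], "int");
                $group = $group_model->getGroupById($group_id, $user_id, true);
                if (!$group || !in_array($group["VOTE_ACCESS"],
                    array(UP_VOTING_GROUP, UP_DOWN_VOTING_GROUP))) {
                    $parent->redirectWithMessage(
                        tl('social_component_no_vote_access'));
                    break;
                }
                $post_item = $group_model->getGroupItem($post_id);
                if (!$post_item || $post_item['GROUP_ID'] != $group_id) {
                    $parent->redirectWithMessage(
                        tl('social_component_no_post_access'));
                    break;
                }
                if ($group_model->alreadyVoted($user_id, $post_id)) {
                    $parent->redirectWithMessage(
                        tl('social_component_already_voted'));
                    break;
                }
                $group_model->voteUp($user_id, $post_id);
                $parent->redirectWithMessage(
                    tl('social_component_vote_recorded'));
                break;
        }
    }
    // View mode: request overrides session; any filtered view is forced to
    // "ungrouped".
    $view_mode = isset($_REQUEST['v']) ?
        $parent->clean($_REQUEST['v'], "string") :
        (isset($_SESSION['view_mode']) ? $_SESSION['view_mode'] : "ungrouped");
    $_SESSION['view_mode'] = $view_mode;
    $view_mode = !$just_group_id && !$just_user_id && !$just_thread ?
        $view_mode : "ungrouped";
    if ($view_mode == "grouped") {
        return $this->calculateGroupedFeeds($user_id, $limit,
            $results_per_page, $controller_name, $other_controller_name,
            $data);
    }
    $groups_count = 0;
    $page = array();
    // Synthetic "joined group" entries for non-private, active groups.
    // NOTE(review): $pages is reset to array() again below before the feed
    // items are collected, so these entries never reach $data['PAGES'];
    // only $groups_count survives into TOTAL_ROWS. Left as found.
    if (!$just_user_id && (!$just_thread || $just_thread < 0)) {
        $search_array = array(array("group_id", "=",
            max(-$just_thread, $just_group_id), ""),
            array("access", "!=", GROUP_PRIVATE, ""),
            array("status", "=", ACTIVE_STATUS, ""),
            array("join_date", "=", "", "DESC"));
        $groups = $group_model->getRows(0, $limit + $results_per_page,
            $groups_count, $search_array, array($user_id, false));
        $pages = array();
        foreach ($groups as $group) {
            $page = array();
            $page['USER_ICON'] = "resources/anonymous.png";
            $page[self::TITLE] = tl('social_component_join_group', $username,
                $group['GROUP_NAME']);
            $page[self::DESCRIPTION] =
                tl('social_component_join_group_detail',
                date("r", $group['JOIN_DATE']), $group['GROUP_NAME']);
            $page['ID'] = -$group['GROUP_ID'];
            $page['PARENT_ID'] = -$group['GROUP_ID'];
            $page['USER_NAME'] = "";
            $page['USER_ID'] = "";
            $page['GROUP_ID'] = $group['GROUP_ID'];
            $page[self::SOURCE_NAME] = $group['GROUP_NAME'];
            $page['MEMBER_ACCESS'] = $group['MEMBER_ACCESS'];
            $page['STATUS'] = $group['STATUS'];
            if ($group['OWNER_ID'] == $user_id || $user_id == ROOT_ID) {
                $page['MEMBER_ACCESS'] = GROUP_READ_WIKI;
            }
            $page['PUBDATE'] = $group['JOIN_DATE'];
            $pages[$group['JOIN_DATE']] = $page;
        }
    }
    $pub_clause = array('pub_date', "=", "", "DESC");
    $sort = "krsort";
    if ($just_thread) {
        $thread_parent = $group_model->getGroupItem($just_thread);
        if (isset($thread_parent["TYPE"]) &&
            $thread_parent["TYPE"] == WIKI_GROUP_ITEM) {
            $page_info = $group_model->getPageInfoByThread($just_thread);
            if (isset($page_info["PAGE_NAME"])) {
                $data["WIKI_PAGE_NAME"] = $page_info["PAGE_NAME"];
                $data["WIKI_QUERY"] = "?c={$controller_name}&" .
                    "a=wiki&arg=edit&page_name=" . $page_info['PAGE_NAME'] .
                    "&locale_tag=" . $page_info["LOCALE_TAG"] .
                    "&group_id=" . $page_info["GROUP_ID"];
            }
        }
        // Interactive thread views read oldest-first and count as a view;
        // feed formats (rss/json/serial) keep newest-first and do not.
        if (!isset($_REQUEST['f']) ||
            !in_array($_REQUEST['f'], array("rss", "json", "serial"), true)) {
            $pub_clause = array('pub_date', "=", "", "ASC");
            $sort = "ksort";
            $group_model->incrementThreadViewCount($just_thread);
        }
    }
    $search_array = array(array("parent_id", "=", $just_thread, ""),
        array("group_id", "=", $just_group_id, ""),
        array("user_id", "=", $just_user_id, ""), $pub_clause);
    $for_group = $just_group_id ? $just_group_id : ($just_thread ? -2 : -1);
    $item_count = $group_model->getGroupItemCount($search_array, $user_id,
        $for_group);
    $group_items = $group_model->getGroupItems(0, $limit + $results_per_page,
        $search_array, $user_id, $for_group);
    $recent_found = false;
    $time = time();
    $j = 0;
    $parser = new WikiParser("", array(), true);
    $locale_tag = getLocaleTag();
    $page = false;
    $pages = array();
    $math = false;
    foreach ($group_items as $item) {
        $page = $item;
        $page['USER_ICON'] = $user_model->getUserIconUrl($page['USER_ID']);
        $page[self::TITLE] = $page['TITLE'];
        unset($page['TITLE']);
        $description = $page['DESCRIPTION'];
        //start code for sharing crawl mixes
        // [[label:mixNNN]] becomes an import link. NOTE(review): the label
        // ($matches[1]) is author-controlled and is placed in the anchor
        // text unescaped; whether that is safe depends on how
        // WikiParser::parse() treats raw HTML in $description — confirm.
        preg_match_all("/\\[\\[([^\\:\n]+)\\:mix(\\d+)\\]\\]/", $description,
            $matches);
        $num_matches = count($matches[0]);
        for ($i = 0; $i < $num_matches; $i++) {
            $match = preg_quote($matches[0][$i]);
            $match = str_replace("@", "\\@", $match);
            $replace = "<a href='?c=admin&a=mixCrawls" .
                "&arg=importmix&" . CSRF_TOKEN . "=" .
                $parent->generateCSRFToken($user_id) .
                "&timestamp={$matches[2][$i]}'>" . $matches[1][$i] . "</a>";
            $description = preg_replace("@" . $match . "@u", $replace,
                $description);
            $page["NO_EDIT"] = true;
        }
        //end code for sharing crawl mixes
        $page[self::DESCRIPTION] = $parser->parse($description);
        $page[self::DESCRIPTION] = $group_model->insertResourcesParsePage(
            $item['GROUP_ID'], -1, $locale_tag, $page[self::DESCRIPTION]);
        // A backtick anywhere in rendered output pulls in the math script.
        if (!$math && strpos($page[self::DESCRIPTION], "`") !== false) {
            $math = true;
            if (!isset($data["INCLUDE_SCRIPTS"])) {
                $data["INCLUDE_SCRIPTS"] = array();
            }
            $data["INCLUDE_SCRIPTS"][] = "math";
        }
        unset($page['DESCRIPTION']);
        $page['OLD_DESCRIPTION'] = $description;
        $page[self::SOURCE_NAME] = $page['GROUP_NAME'];
        unset($page['GROUP_NAME']);
        if ($item['OWNER_ID'] == $user_id || $user_id == ROOT_ID) {
            $page['MEMBER_ACCESS'] = GROUP_READ_WIKI;
        }
        // Auto-refresh the page once if any item is under five minutes old
        // (suppressed when math rendering is in play).
        if (!$recent_found && !$math &&
            $time - $item["PUBDATE"] < 5 * ONE_MINUTE) {
            $recent_found = true;
            $data['SCRIPT'] .= 'doUpdate();';
        }
        // Key = pubdate plus a zero-padded sequence so equal dates stay
        // distinct and sort stably.
        $pages[$item["PUBDATE"] . sprintf("%04d", $j)] = $page;
        $j++;
    }
    if ($pages) {
        $sort($pages);
    }
    $data['SUBTITLE'] = "";
    if ($just_thread != "" && isset($page[self::TITLE])) {
        $title = $page[self::TITLE];
        $data['SUBTITLE'] = trim($title, "\\- \t\n\r\v");
        $data['ADD_PAGING_QUERY'] = "&just_thread={$just_thread}";
        $data['JUST_THREAD'] = $just_thread;
        $group = $group_model->getGroupById($page['GROUP_ID'], $user_id);
        $data['GROUP_STATUS'] = $group['STATUS'];
    } else {
        if ($just_thread != "" && !isset($page[self::TITLE])) {
            $data['NO_POSTS_IN_THREAD'] = true;
        }
    }
    if (!$just_group_id && !$just_thread) {
        $data['GROUP_STATUS'] = ACTIVE_STATUS;
    }
    if ($just_group_id) {
        $group = $group_model->getGroupById($just_group_id, $user_id);
        $data['GROUP_STATUS'] = $group['STATUS'];
        if (!isset($page[self::SOURCE_NAME])) {
            $page[self::SOURCE_NAME] = $group['GROUP_NAME'];
            $data['NO_POSTS_YET'] = true;
            if ($user_id == $group['OWNER_ID'] || $user_id == ROOT_ID) {
                // this case happens when a group is no read
                $data['NO_POSTS_START_THREAD'] = true;
            }
        }
        if ($user_id != PUBLIC_USER_ID &&
            !$group_model->checkUserGroup($user_id, $just_group_id)) {
            $data['SUBSCRIBE_LINK'] =
                $group_model->getRegisterType($just_group_id);
        }
        $data['SUBTITLE'] = $page[self::SOURCE_NAME];
        $data['ADD_PAGING_QUERY'] = "&just_group_id={$just_group_id}";
        $data['JUST_GROUP_ID'] = $just_group_id;
    }
    if ($just_user_id && isset($page["USER_NAME"])) {
        $data['SUBTITLE'] = $page["USER_NAME"];
        $data['ADD_PAGING_QUERY'] = "&just_user_id={$just_user_id}";
        $data['JUST_USER_ID'] = $just_user_id;
    }
    if ($pages) {
        $pages = array_slice($pages, $limit, $results_per_page);
    }
    $data['TOTAL_ROWS'] = $item_count + $groups_count;
    $data['LIMIT'] = $limit;
    $data['RESULTS_PER_PAGE'] = $results_per_page;
    $data['PAGES'] = $pages;
    $data['PAGING_QUERY'] = "./?c={$controller_name}&a=groupFeeds";
    $data['OTHER_PAGING_QUERY'] =
        "./?c={$other_controller_name}&a=groupFeeds";
    $this->initializeWikiEditor($data, -1);
    return $data;
}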